
PATENT 

ATTY DOCKET K35A0675 



1 DIGITAL VIDEO RECORDER FOR ENCRYPTING/DECRYPTING VIDEO 

2 PROGRAMS IN SEGMENTS TO FACILITATE TRICK PLAY FEATURES 

3 

4 BACKGROUND OF THE INVENTION 

5 Field of the Invention 

6 The present invention relates to digital video recorders. More particularly, the present 

7 invention relates to a digital video recorder for encrypting/decrypting video programs in 

8 segments to facilitate trick play features. 

9 Description of the Prior Art 

10 Digital video recorders (DVRs) typically store video programs on a random access 

1 1 storage (RAS) device, such as on a conventional hard disk drive (HDD), which enables certain 
ff 1 12 "trick play" features, such as skipping ahead in a program. The trick play features are enabled by 
IP 13 processing frame headers which are recorded in arbitrary length frames of the video program. 
hi 14 Due to the arbitrary frame lengths, the video programs are typically processed in unencrypted 
3 15 form in order to detect frame headers which identify frame boundaries. Thus, prior art DVRs 



yg 16 typically store copyrighted video programs in unencrypted form so that the DVR can randomly 

ill 

g 17 access individual frames during playback. This design, however, subjects the copyrighted 

S 18 material to unauthorized reproduction, for example, by eavesdropping while the copyrighted 

19 content is transferred from the DVR host circuitry to the RAS device. 



20 Prior art DVRs typically employ a conventional hard disk drive (HDD), such as an IDE 

21 hard disk drive, as the RAS device since HDDs have sufficient capacity to store video content 

22 and are relatively inexpensive due to their prevalent use in personal computers (PCs). Rather 

23 than design and manufacture a customized HDD for the DVR market, DVRs are constructed 

24 similar to a PC, including DVR host circuitry for interfacing with a commodity HDD which 

25 reduces the cost of the DVR. Using a conventional HDD, however, has rendered the DVR more 

26 susceptible to unauthorized copying of video programs since the HDD can be removed and 

27 installed in another DVR or in a PC. 
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1 There is, therefore, a need to protect against unauthorized reproduction of copyrighted 

2 video programs in a DVR employing a cost effective, commodity HDD, while supporting trick 

3 play features. 

4 SUMMARY OF THE INVENTION 

5 The present invention may be regarded as a digital video recorder (DVR) for storing a 



6 plaintext video program as an encrypted video program. The DVR comprises a random access 

7 storage (RAS) device for storing the encrypted video program in encrypted segments. The DVR 

8 further comprises a cryptography facility comprising an encoder for encrypting plaintext 

9 segments of the plaintext video program into the encrypted segments stored on the RAS device, 

10 and a decoder for randomly and independently decrypting the encrypted segments of the 

1 1 encrypted video program into plaintext segments during playback. 

12 In one embodiment the cryptography facility comprises a pseudo-random sequence 

13 generator for generating a pseudo-random sequence. In one embodiment, the pseudo-random 

14 sequence generator is initialized with segment seed values corresponding to the plaintext 

15 segments of the plaintext video program , and the encoder combines the pseudo-random 

16 sequence generated for each segment seed value with the plaintext segments of the plaintext 



17 video program to generate the encrypted segments of the encrypted video program stored on the 

18 RAS device. During playback, the pseudo-random sequence generator is initialized with 

19 segment seed values corresponding to the encrypted segments of the encrypted video program, 

20 and the decoder combines the pseudo-random sequence generated for each segment seed value 

21 with the encrypted segments of the encrypted video program to generate the plaintext segments 

22 of the plaintext video program. 

23 In an alternative embodiment, the RAS device comprises a hard disk drive (HDD) 

24 comprising a disk, the disk comprises a plurality of data tracks, each track comprises a plurality 

25 of data sectors, and each data sector stores an encrypted segment of the encrypted video program. 

26 The present invention may also be regarded as a method for processing a video program 

27 in a digital video recorder comprising a random access storage (RAS) device. Plaintext segments 
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1 of a plaintext video program are encrypted into encrypted segments. The encrypted segments are 

2 stored on the RAS device and, during playback, randomly read from the RAS device. Each 

3 encrypted segment is then independently decrypted into a plaintext segment. 

4 BRIEF DESCRIPTION OF THE DRAWINGS 

5 FIG. 1 shows a digital video recorder according to an embodiment of the present 

6 invention wherein a video program is encrypted in segments, and the encrypted segments stored 

7 on a random access storage device. 

8 FIG. 2 shows a digital video recorder according to an alternative embodiment of the 

9 present invention wherein video programs are stored in encrypted form on a hard disk drive 

10 (HDD) using plaintext keys which are also encrypted using a pseudo-random sequence generated 

1 1 from a unique ID and stored in encrypted file system entries on the HDD. 

^ 12 FIG. 3 A shows a programmable file system (FS) polynomial implemented using a linear 

^13 feedback shift register (LFSR) for generating the pseudo-random sequence of FIG. 2, wherein a 

Q 14 seed value is generated for the LFSR from the unique ID. 

Z 15 FIG. 3B shows a programmable FS polynomial implemented using a LFSR for 

CO 16 generating the pseudo-random sequence of FIG. 2, wherein coefficient values are generated for 

17 the LFSR from the unique ED. 

18 FIG. 4A shows an LFSR for generating a pseudo-random sequence for encrypting a 

19 plaintext video program using a plaintext key as a seed value for the LFSR. 

20 FIG. 4B shows an LFSR for generating a pseudo-random sequence for encrypting a 

21 plaintext video program using a plaintext key, wherein a seed value is generated from the 

22 plaintext key. In an alternative embodiment, a plurality of segment seed values are generated 

23 from the plaintext key wherein each segment seed value is used to encrypt a corresponding 

24 segment of the plaintext video program. 

25 FIG. 4C shows an LFSR for generating a pseudo-random sequence for encrypting a 

26 plaintext video program using a plaintext key, wherein coefficient values are generated from the 

27 plaintext key. In an alternative embodiment, sets of coefficient values are generated from the 
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1 plaintext key wherein each set of coefficient values is used to encrypt a corresponding segment 

2 of the plaintext video program. 

3 DESCRIPTION OF THE PREFERRED EMBODIMENTS 

4 FIG. 1 shows a digital video recorder (DVR) 1 for storing a plaintext video program as an 

5 encrypted video program according to an embodiment of the present invention. The DVR 1 

6 comprises a random access storage (RAS) device 3 for storing the encrypted video program in 

7 encrypted segments 5. The DVR 1 further comprises a cryptography facility 14 comprising an 

8 encoder 24 for encrypting plaintext segments 7A of the plaintext video program into the 

9 encrypted segments 5 stored on the RAS device 3, and a decoder 26 for randomly and 
10 independently decrypting the encrypted segments 5 of the encrypted video program into plaintext 

0 1 1 segments 7B during playback. 

fjil2 The DVR 1 of FIG. 1 further comprises a video controller 28 for receiving video data 30 

m\3 from an external entity (e.g., a cable or satellite) and for providing video data 34 to a display 

14 device during playback. The video controller 28 processes the headers in the video frames of the 

_/l5 video data 30 in order to implement trick play features. Certain trick play features, such as skip 

4? 16 ahead or behind, require that the video program be accessed randomly rather than in a 

Jjf 17 consecutive sequence of frames. The DVR 1 of FIG. 1 facilitates this feature by decrypting the 

s s 

Oi8 video program in segments. When the video controller 28 requires access to a particular segment 

19 of the video program, it initializes the decoder 26 with an appropriate segment key for decrypting 

20 the video segment as it is read from the RAS device 3. 

21 FIG. 2 shows a DVR 2 according to an embodiment of the present invention wherein the 

22 RAS device 3 of FIG. 1 is implemented as a hard disk drive (HDD) 6. The HDD 6 stores a 

23 plurality of encrypted video programs 8 and an encrypted file system, the encrypted file system 

24 comprising a plurality of encrypted file system entries 10 for decrypting the plurality of 

25 encrypted video programs 8. The DVR 2 further comprises host circuitry 12 for interfacing with 

26 the HDD 6, the host circuitry 12 comprising the cryptography facility 14 for encrypting plaintext 

27 file system entries 16A into the encrypted file system entries 10 stored on the HDD 6, and for 
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1 decrypting the encrypted file system entries 10 read from the HDD 6 into plaintext file system 

2 entries 16B. The cryptography facility 14 comprises a pseudo-random sequence generator 20, 

3 responsive to the unique ED 4, for generating a pseudo-random sequence 22. The cryptography 

4 facility 14 further comprises an encoder 24 for combining the pseudo-random sequence 22 with 

5 the plaintext file system entries 16A to generate the encrypted file system entries 10 stored on the 

6 HDD 6, and a decoder 26 for combining the pseudo-random sequence 22 with the encrypted file 

7 system entries 10 read from the HDD 6 to generate the plaintext file system entries 16B. 

8 In one embodiment, the encoder 24 of FIG. 2 performs the encryption operation by 

9 XORing each element (e.g., byte) of the plaintext file system entry 16A with a corresponding 
10 element (e.g., byte) of the pseudo-random sequence 22. Similarly, the decoder 26 performs the 

Oil decryption operation by XORing each element (e.g., byte) of the encrypted file system entry 10 

yil2 with a corresponding element (e.g., byte) of the pseudo-random sequence 22 to generate the 

m 13 plaintext file system entry 16B. 

yj 14 The video controller 28 generates control signals 32 for controlling the operation of the 

s "l5 cryptography facility 14 when recording an encrypted video program 8, together with the 

C? 

.f=16 encrypted file system entry 10 for decrypting the encrypted video program 8. The video 

s . : 

^17 controller also processes the decrypted file system entries 16B so that the encrypted video 

~18 programs 8 can be decrypted and output as video data 34 to a display device. Because the file 

19 system entries 10 are stored in encrypted form relative to the unique ID 4 assigned to the DVR 2, 

20 the encrypted video programs 8 stored on the HDD 6 cannot be decrypted by connecting the 

21 HDD 6 to another DVR or to a PC. In effect, the HDD 6 is married to the host circuitry 12 of the 

22 DVR 2 through the unique ED 4 which protects against unauthorized copying. In addition, the 

23 encrypted file system entries 10 are transparent to the operation of the HDD 6 so that any 

24 conventional HDD 6 may be employed without modification. 

25 In one embodiment, the plaintext file system entry 16A comprises a plaintext key for 

26 encrypting a plaintext video program into an encrypted video program 8 stored on the HDD 6. 

27 The cryptography facility 14 encrypts the plaintext video program into an encrypted video 



Y:\K35A\A0600-A0699\A0675\DOCS\k35a0675paf.doc 9/29/00 



5 



PATENT 
ATTY DOCKET K35A0675 



1 program 8 stored on the HDD 6, and encrypts the plaintext key into an encrypted key stored on 

2 the HDD 6 in an encrypted file system entry 10. In one embodiment, the encoder 24 combines 

3 the pseudo-random sequence 22 with the plaintext video program to generate the encrypted video 

4 program 8 stored on the HDD 6. 

5 In another embodiment, the encrypted file system entry 10 comprises an encrypted key 

6 for decrypting an encrypted video program 8 read from the HDD 6 into a plaintext video 

7 program. The cryptography facility 14 decrypts the encrypted key read from encrypted file 

8 system entry 10 into a plaintext key, and decrypts the encrypted video program 8 read from the 

9 HDD 6 using the plaintext key. In one embodiment, the decoder 26 combines the pseudo- 

10 random sequence 22 with the encrypted video program 8 read from the HDD 6 to generate the 

1 1 plaintext video program. 

12 In one embodiment, the pseudo-random sequence generator 20 comprises a 

13 programmable file system (FS) polynomial for generating the pseudo-random sequence 22. In 

14 one embodiment, the programmable FS polynomial is programmed with coefficients which, in 

15 one embodiment, are generated by a coefficient generator responsive to the unique ED 4. In 

16 another embodiment, the programmable FS polynomial is programmed with a seed value which, 

17 in one embodiment, is generated by a seed value generator responsive to the unique ID 4. 

18 FIG. 3 A shows an embodiment of the present invention wherein the FS polynomial is 

19 implemented using a suitable linear feedback register (LFSR) 36. An LFSR may be 

20 implemented using a number of different configurations. The LFSR 36 of FIG. 3 A comprises a 

21 shift register 38 comprising N storage elements which are initialized with a seed value 40 

22 generated by a seed value generator 50 from the unique ID 4. A number of taps 42A-42E 

23 connect a corresponding number of the storage elements to an adder 44 for adding the values 

24 stored in the storage elements. The resulting sum 44 is fed back 46 to an input of the LFSR 36. 

25 The LFSR 36 is shifted from left to right, and the right most storage element 48 outputs each 

26 value of the pseudo-random sequence 22. 

27 FIG. 3B shows an alternative embodiment of the present invention wherein the FS 
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1 polynomial is implemented using an LFSR 52 comprising programmable coefficients 540-54^ A 

2 coefficient generator 56 generates coefficient values 58 for programming each of the 

3 programmable coefficients 54 0 -54 N . In the embodiment shown in FIG. 3B, the coefficients are 

4 binary valued and the programmable coefficients 54 0 -54 N are implemented as switches. 

5 In yet another embodiment of the present invention, the FS polynomial is implemented 

6 using an LFSR comprising both a programmable seed value and programmable coefficients 

7 values which are generated from the unique ID 4. 

8 In one embodiment, the seed value generator 50 implements a function f(x), such as a 

9 polynomial, with the unique ID 4 as the input argument x and the seed value 40 the result. In 

10 another embodiment, the seed value generator 50 comprises a programmable algorithm for 

11 computing the seed value 40 from the unique ID 4. This embodiment allows a DVR 

12 manufacture to select the function f(x) for implementing a line of DVRs. This embodiment also 

13 allows an external entity to update the programmable algorithm to protect against system 

14 compromise. For example, in one embodiment the DVR 2 of FIG. 2 comprises network circuitry 

15 for connecting to a network (e.g., through a cable or satellite), and a system administrator on the 

16 network periodically changes the programmable algorithm in a random manner. Thus, if an 

17 attacker discovers the algorithm used by the seed value generator 50 to generate the seed value 

18 40, the compromise is only temporary until the system administrator updates the algorithm. 

19 In another embodiment, the coefficient value generator 56 implements a plurality of 

20 functions f(x), such as a plurality of polynomials, with the unique ID as the input argument x and 

21 the coefficient values 58 the result of each function f(x). The coefficient value generator 56 may 

22 also implement a programmable algorithm for computing the coefficient values 58 to facilitate 

23 different DVR manufactures and to protect against system compromise as described above. 

24 In another embodiment of the present invention, the seed value generator 50 comprises a 

25 seed table comprising a plurality of table entries, each table entry comprising a seed value. An 

26 index generator, responsive to the unique ID 4, generates an index into the seed table. In yet 

27 another embodiment, the coefficient value generator 56 comprises a coefficient table comprising 
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1 a plurality of table entries, each table entry comprising coefficient values. An index generator, 

2 responsive to the unique ED 4, generates an index into the coefficient table. 

3 FIG. 4A shows an alternative embodiment of the present invention as comprising a 

4 programmable LFSR 59 for generating a pseudo-random sequence 22 used to encrypt a plaintext 

5 video program into an encrypted video program 8 stored on the HDD 6. A plaintext key 18 is 

6 used as a seed value for the LFSR 59, where the plaintext key 18 is associated with the plaintext 

7 video program. In one embodiment, the plaintext key is derived from the filename or other 

8 attribute of the video program. In another embodiment, the plaintext key is generated randomly 

9 using any suitable method, for example, by reading a system clock value just prior to encrypting 

10 the plaintext video. 

11 FIG. 4B shows an alternative embodiment of the present invention as comprising a 

12 programmable LFSR 60 for generating a pseudo-random sequence 22 used to encrypt a plaintext 

13 video program into an encrypted video program 8 stored on the HDD 6. A seed value generator 

14 62 generates a seed value 64 used to initialize the shift register 38. The seed value 64 is 

15 generated from the plaintext key 18 used to encrypt the plaintext video program. In one 

16 embodiment, the plaintext video program is encrypted in segments, and the seed value generator 

17 62 generates a distinct seed value 64 for each segment number 66. Each segment seed value 64 

18 is essentially a distinct key for use in encrypting a corresponding segment of the plaintext video 

19 program. In this manner, compromise of a single key enables successful decrypting of only a 

20 segment of the encrypted video program. Further, encrypting the video program in segments 

21 facilitates trick play features during playback as described above. 

22 In one embodiment, the plaintext key 18 comprises a plurality of segment keys for 

23 encrypting each segment of the plaintext video program, and the seed value generator 62 

24 generates a corresponding seed value 64 for each segment key. In another embodiment, the 

25 segment keys are computed from the plaintext key 18, and the seed value generator 62 generates 

26 a corresponding seed value 64 for each computed segment key. In one embodiment, the seed 

27 value generator 62 comprises a function f(x,y) for computing the segment seed values 64 wherein 
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1 the plaintext key 18 and segment number 66 are the input arguments x and y, and the segment 

2 seed value 64 is the result. Lookup tables may also be employed for generating the segment 

3 keys, and the algorithm for computing the segment keys may be programmably updated to 

4 facilitate different DVR manufactures and to protect against system compromise as described 

5 above. 

6 FIG. 4C shows an alternative embodiment of the present invention as comprising a 

7 programmable LFSR 68 for generating a pseudo-random sequence 22 used to encode a plaintext 

8 video program into an encrypted video program 8 stored on the HDD 6. A coefficient value 

9 generator 70 generates a coefficient values 72 used to initialize the coefficients of the LFSR 68. 

10 The coefficient values 72 are generated from the plaintext key 18 used to encrypt the plaintext 

1 1 video program. In one embodiment, the plaintext video program is encrypted in segments, and 

12 the coefficient value generator 70 generates distinct coefficient values 72 for each segment 

13 number 66. Similar to the embodiment of FIG. 4B, each set of coefficient values 72 is 

14 essentially a distinct key for use in encrypting a corresponding segment of the plaintext video 

15 program so that compromise of a single key enables successful decrypting of only a segment of 

16 the encrypted video program. Further, decrypting the video program in segments facilitates trick 

17 play features during playback as described above. 

18 In one embodiment, the plaintext key 18 comprises a plurality of segment keys for 

19 encrypting each segment of the plaintext video program, and the coefficient value generator 70 

20 generates a set of coefficient values 72 for each segment key. In another embodiment, the 

21 segment keys are computed from the plaintext key 18, and the coefficient value generator 70 

22 generates a corresponding set of coefficient values 72 for each computed segment key. In one 

23 embodiment, the coefficient value generator 70 comprises a function f(x,y) for computing the 

24 segment coefficient values 72 wherein the plaintext key 1 8 and segment number 66 are the input 

25 arguments x and y, and the segment coefficient values 72 are the result. Lookup tables may also 

26 be employed for generating the segment keys, and the algorithm for computing the segment keys 

27 may be programmably updated to facilitate different DVR manufactures and to protect against 
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1 system compromise as described above. 

2 In another embodiment, the LFSR 60 of FIG. 4B or the LFSR 68 of FIG. 4C is used to 

3 decrypt an encrypted video program 8 in segments using the segment keys. In one embodiment, 

4 the plaintext key 18 comprises a plurality of segment keys which are encrypted and stored as an 

5 encrypted file system entry 10 for use in decrypting the encrypted video program 8 during 

6 playback. In another embodiment, the plaintext key 18 is encrypted and stored as an encrypted 

7 file system entry 10. During playback, the encrypted key is decrypted into the plaintext key 18, 

8 and the plaintext key 18 is used to generate the segment keys for use in decrypting the encrypted 

9 video program 8 in segments. 

10 In one embodiment, the HDD 6 comprises a disk having a plurality of data tracks, where 

1 1 each data track comprises a plurality of data sectors. In the embodiments of FIG. 4B and 4C, a 

12 segment of a video program corresponds to a data sector. This simplifies the design since data is 

13 typically written to and read from a conventional HDD 6 in sector blocks. In one embodiment, 

14 the encrypted key for use in decrypting a corresponding sector is stored in the sector. 

15 In another embodiment of the present invention, the unique ID 4 is implemented using 

16 tamper and inspection resistant circuitry to protect against discovery. In one embodiment, the 

17 host circuitry 12 and unique ID 4 are implemented within an integrated circuit (IC), and the 

18 unique ED 4 is buried, scattered or otherwise concealed within the IC using any suitable method. 

19 In yet another embodiment, at least part of the cryptography facility 14 (e.g., the seed value 

20 generator 62 of FIG. 4B or the coefficient value generator 70 of FIG. 4C) is implemented using 

21 tamper and inspection resistant circuitry to protect against discovery. An example of tamper and 

22 inspection resistant circuitry is disclosed in Tygar, J.D. and Yee, B.S., "Secure Coprocessors in 

23 Electronic Commerce Applications," Proceedings 1995 USENIX Electronic Commerce 

24 Workshop, 1995, New York, which is incorporated herein by reference. 

25 The embodiments of the present invention may be implemented in circuitry or software 

26 or both. The circuitry and/or software may be static or field programmable as described above. 

27 Software embodiments comprise code segments embodied on a computer readable medium, such 
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1 as a hard disk, floppy disk, compact disk (CD), digital video disk (DVD), or programmable 

2 memory (e.g., an EEPROM). The code segments may be embodied on the computer readable 

3 medium in any suitable form, such as source code segments, assembly code segments, or 

4 executable code segments. 
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